So, looking at the docs and this presentation from Christopher Schultz:
https://tomcat.apache.org/presentations/2019-09-10-acna-Let's%20Encrypt%20Apache%20Tomcat.pdf
The "getting the certificate" part is easy, but updating the keystore
looks like the challenge. Easiest way, and most secure, is to put it
behind a reverse proxy like Apache which already accommodates ACME
script tools like certbot.
If a reverse proxy isn't an option, I am guessing, based on the brief
reading I did, that you could use certbot to get a cert and then write a
script to handle the OpenSSL. That is actually the conclusion that
Chris came up with in the presentation but the complete script isn't
presented. I bet you could ask him for it on the Apache Tomcat list that
I know you are already a subscriber on.
But it applies to Let's Encrypt, which may not be the CA you are working with.
Pete Helgren
www.petesworkshop.com
CISSP - MSCM
GIAC Cloud Penetration Tester
AWS Certified Cloud Practitioner
Microsoft Certified: Azure Fundamentals
On 4/2/2026 10:39 AM, James H. H. Lampert via MIDRANGE-L wrote:
What it says on the tin: has anybody come up with a solution for
certificate renewal automation that will run on a Midrange box, that's
compatible with Tomcat servers?
--
JHHL
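
The "certbot, then a script to handle the OpenSSL" step discussed above, as an added example that is not part of the original thread and is not the script from the presentation. It assumes certbot's `fullchain.pem`/`privkey.pem` layout; the function name, the `tomcat` alias, the password file and the paths in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example: convert a renewed PEM certificate and key into a PKCS12
# keystore that a Tomcat connector can load. All names here are assumptions.
#
# build_keystore LIVE_DIR OUT_P12 PASS_FILE
#   LIVE_DIR  directory holding fullchain.pem and privkey.pem
#   OUT_P12   keystore path to write
#   PASS_FILE file whose first line is the keystore password
build_keystore() {
    live_dir=$1; out=$2; pass_file=$3
    cert="$live_dir/fullchain.pem"
    key="$live_dir/privkey.pem"

    [ -r "$cert" ] && [ -r "$key" ] && [ -r "$pass_file" ] || return 2

    # Refuse to deploy a key that does not belong to the certificate.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 3
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 3
    [ "$cert_pub" = "$key_pub" ] || return 3

    # Refuse a certificate that expires within the next 24 hours.
    openssl x509 -in "$cert" -noout -checkend 86400 >/dev/null || return 4

    # Write to a temp file with owner-only permissions, then rename, so
    # Tomcat never reads a half-written or world-readable keystore.
    # The password comes from a file, so it never shows up in process listings.
    old_umask=$(umask); umask 077
    tmp="$out.tmp.$$"
    if openssl pkcs12 -export -in "$cert" -inkey "$key" -name tomcat \
            -out "$tmp" -passout "file:$pass_file"; then
        mv -f "$tmp" "$out"; rc=$?
    else
        rm -f "$tmp"; rc=5
    fi
    umask "$old_umask"
    return $rc
}

# Usage from a certbot --deploy-hook, where certbot sets RENEWED_LINEAGE
# (the keystore and password file paths are placeholders):
#   build_keystore "$RENEWED_LINEAGE" /path/to/keystore.p12 /path/to/keystore.pass
```

Tomcat still has to pick up the new file afterwards; how that is triggered depends on the installation and is not covered here.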